Hacker News
by jrochkind1 4187 days ago
> From a penetration testing perspective, this may cause practical problems

I was super confused what they were talking about, until I remembered that "penetration testing" really just means "penetration", not "testing", it's just a euphemism for "attacking". I think?

2 comments

Yea, I think a better term would be application security assessment where one tests the application for security flaws. Penetration testing stems originally from network security where one actually tries to penetrate a network. It's not a great term for software, I agree.
I think the intent here is to decrypt and then reverse engineer the network traffic, so they can then check for vulnerabilities server-side. So they aren't auditing the application, they're just trying to find a way in.
(You are replying to the author of the article, possibly intending to reply to the parent.)

This is part of auditing an application. Finding a way in is only one step of the process.

Penetration testing is what security folks do to measure the insecurity of networks or application software or device security. It is a standard term in the industry.